0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Oce Colorwave 500 CSRF / XSS / Authentication Bypass Vulnerabilities

Author

Marco Ortisi

Risk

[

Security Risk High

]

0day-ID

0day-ID-34119

Category

web applications

Date add

19-03-2020

CVE

CVE-2020-10667
CVE-2020-10668
CVE-2020-10669
CVE-2020-10670
CVE-2020-10671

Platform

jsp

# Exploit Title: Océ Colorwave 500 printer: Multiple vulnerabilities
# Exploit Author: Giuseppe Calì, Marco Ortisi
# Authors blog: https://www.redtimmy.com
# Vendor Homepage: https://www.canon.com
# Software Link: 
https://lfpp.csa.canon.com/tss/tss_product_detail.jsp?PRODUCT%3C%3Eprd_id=845524441910378&SKU%3C%3Esku_id=1689949372031068&FOLDER%3C%3Efolder_id=2534374302162637&bmUID=mpYkKHM
# Version: 4.0.0.0
# CVE: 2020-10667, 2020-10668, 2020-10669, 2020-10670, 2020-10671

We have recently registered five CVE(s) affecting the Oce Colorwave 500 
printer.

CVE-2020-10669 is an authentication bypass allowing an attacker to 
access
documents that have been uploaded to the printer. As the documents 
remain stored
in the system even after they have been printed (depending on the 
printer's
configuration), a malicious insider may be able to access documents 
printed in
the past.

CVE-2020-10667 is a Stored XSS on the 
“/TemplateManager/indexExternalLocation.jsp”
page.

CVE-2020-10668 and CVE-10670 are two Reflected XSS on pages “/home.jsp” 
and
“/SettingsEditor/settingDialogContent.jsp”.

Finally CVE-10671 is a system-wide CSRF due to the absence of any form 
of nonce
or countermeasure protecting against Cross Site Request Forgery.

More details and full story here: 
https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-quick-security-assessment-determines-the-success-of-a-red-team-exercise/

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Oce Colorwave 500 CSRF / XSS / Authentication Bypass Vulnerabilities

Report Error

Report Error